X

How to protect your PC against the Intel chip flaw

Here are the steps to take to keep your Windows laptop or PC safe from Meltdown and Spectre.

Matt Elliott Senior Editor
Matt Elliott is a senior editor at CNET with a focus on laptops and streaming services. Matt has more than 20 years of experience testing and reviewing laptops. He has worked for CNET in New York and San Francisco and now lives in New Hampshire. When he's not writing about laptops, Matt likes to play and watch sports. He loves to play tennis and hates the number of streaming services he has to subscribe to in order to watch the various sports he wants to watch.
Expertise Laptops, desktops, all-in-one PCs, streaming devices, streaming platforms
Matt Elliott
3 min read

A major security flaw has been discovered in many modern processors that could allow hackers to access data -- passwords, encryption keys and other information you want kept private -- stored in the protected kernel memory of your computer, phone or tablet. Known by the names Spectre and Meltdown, the flaws affect chips from Intel and Arm. Intel's rival AMD believes its chips are safe, saying in a statement, "Due to differences in AMD's architecture, we believe there is a near zero risk to AMD processors at this time."

Click here for a broad overview of the fixes currently available for a variety of devices. Considering the vast number of users with Intel-based Windows PCs and laptops, here's a deeper dive on what you need to do to protect yourself.

Install the emergency Windows patch

Microsoft has released a rare, out-of-band emergency patch for Windows 10 users. It should pop up and ask you to restart your machine so it can be installed, but if you have yet to receive such a notification, then head to Settings > Update & security see if there are updates waiting on the Windows Update page. If you are running Windows 10 version 1709 (Fall Creators Update), the patch you need is labeled Security Update for Windows (KB4056892).

For older versions of Windows 10, here are the patch numbers:

  • Windows 10 version 1703 (Creators Update): KB4056891
  • Windows 10 version 1607 (Anniversary Update): KB4056890
  • Windows 10 version 1511 (November Update): KB4056888
  • Windows 10 version 1507 (Initial Release): KB4056893

Manual install route

If you have yet to receive the patch via Windows Update, you can manually install it by going to this Windows Update Catalog page. Odds are you are running a 64-bit version of Windows, so you'll want to install the file for x64-based systems. For Fall Creators Update, for example, it's the bottom-most option labeled "2018-01 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4056892)."

How can I be sure I'm protected?

To check to see if you have installed the necessary patch, go to Settings > Update & security and click View installed update history. Under Quality Updates, look to see that Security Update for Windows (KB4056892) was successfully installed. You can also check by going to Settings > System > About and scrolling down to the Windows specifications section. After installing the KB4056892 patch, the OS Build will read 16299.125.

windows-update-meltdown-spectre
Screenshot by Matt Elliott/CNET

AV conflicts

Your antivirus app might might be preventing you from receiving the patch from Windows Update. Microsoft is running into a compatibility issue with some antivirus apps. I use McAfee and didn't receive the update via Windows Update and had to manually install the patch. Microsoft suggests you follow up with your AV vendor and states it's doing what it can on its end to make sure everyone gets the security patch as soon as possible. You could always switch to Windows Defender until Microsoft and McAfee and Norton and the rest iron out the kinks.

Firmware update

Because this is a hardware issue, it's a good idea to check with your system's vendor for a firmware update that can add another layer of protection in addition to updating Windows. Contact support for Dell, HP, Lenovo or the manufacturer of your PC or laptop.

Update, Jan. 22: Intel is now advising that users AVOID updating their firmware (specifically, you'll want to avoid BIOS updates with updated microcode) because of "higher than expected reboots and other unpredictable system behavior." Read more here.

What else can I do?

There have been no known attacks using the Meltdown or Spectre vulnerabilities as of yet, but now that these flaws have been made public, the odds tick up that hackers will try to exploit them. After updating Windows and checking for a firmware update, you should run a scan using your AV app to check for any malicious software on your system. And keep your apps updated, most notably your browser, and, as always, beware of phishing emails that can give hackers access to your machine.